X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=hieradata%2Fcommon.yaml;h=24069f18ae6f72d502c92a49b288a2e33528ea26;hb=2835c1daf1a5f55ec56366fa5d534b6bfc7728cb;hp=f4833d323ace9eb48ba431f9ed7e5dd25054affc;hpb=20caa56ceca373ded695bfb19d32ba8ac696f9a3;p=mirror%2Fdsa-puppet.git diff --git a/hieradata/common.yaml b/hieradata/common.yaml index f4833d323..24069f18a 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,8 +1,37 @@ --- -nameservers: [] -searchpaths: [] -resolvoptions: [] + +lookup_options: + # with merge: unique entries in other hiera sources add to the array + resolv::searchpaths: + merge: unique + apt::sources::debian::location: + merge: unique + +resolv::nameservers: [] +resolv::searchpaths: ['debian.org'] allow_dns_query: [] +role_config__mirrors: + mirror_basedir_prefix: '/srv/mirrors/' +role_config__syncproxy: + mirror_basedir_prefix: '/srv/mirrors/' +samhain_recipients: + - 'debian-archive-debian-samhain-reports@master.debian.org' + - 'debian-admin@ftbfs.de' + - 'weasel@debian.org' + - 'zumbi@oron.es' +root_mail_alias: + - 'debian-admin@debian.org' +paths: + letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt' + auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs' + auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts' +apt::sources::debian::location: 'https://deb.debian.org/debian/' + +staticsync::user: 'staticsync' +staticsync::basedir: '/srv/static.debian.org' + +# all of these should be retired in favour of including the class role +# with the host. weasel, 2019-09 roles: bugsmx: - buxtehude.debian.org @@ -13,14 +42,12 @@ roles: bugs_base: - buxtehude.debian.org - beach.debian.org - buildd_master: - - wuiet.debian.org - buildd_ports_master: - - portman.debian.org contributors: - nono.debian.org dbmaster: - draghi.debian.org + debtags: + - tate.debian.org dns_primary: - denis.debian.org dns_geo: @@ -29,26 +56,33 @@ roles: - geo3.debian.org extranrpeclient: - denis.debian.org - ftp.d.o: - - klecker.debian.org ftp_master: - - franck.debian.org + - fasolo.debian.org ftp.upload.d.o: - - franck.debian.org - coccia.debian.org + - usper.debian.org api.ftp-master: - coccia.debian.org + dgit_browse: + - cgi-grnet-01.debian.org + dgit_git: + - cgi-grnet-01.debian.org git_master: - adayevskaya.debian.org + historicalpackages: + - hier.debian.org keyring: - kaufmann.debian.org - keystone: - - oyens.debian.org lists: - bendel.debian.org mailrelay: - mailly.debian.org - muffat.debian.org + manpages-dyn: + - manziarly.debian.org + - cgi-grnet-01.debian.org + mirrormaster: + - melartin.debian.org muninmaster: - menotti.debian.org nagiosmaster: @@ -57,7 +91,7 @@ roles: - nono.debian.org packages: - picconi.debian.org - - pkgmirror-1and1.debian.org + - pkgmirror-csail.debian.org packagesmaster: - picconi.debian.org packagesqamaster: @@ -66,73 +100,237 @@ roles: - paradis.debian.org piuparts: - pejacevic.debian.org + piuparts_slave: + - piu-slave-bm-a.debian.org + - piu-slave-ubc-01.debian.org + popcon: + - pinel.debian.org pubsub: - rainier.debian.org - rapoport.debian.org - puppetmaster: - - handel.debian.org qamaster: - quantz.debian.org - release: - - franck.debian.org rtmaster: - reger.debian.org - security_master: - - chopin.debian.org - security_tracker: - - soler.debian.org rtc: - vogler.debian.org search_backend: - wolkenstein.debian.org search_frontend: - cgi-grnet-01.debian.org + security_master: + - seger.debian.org + security_mirror: + mirror-anu.debian.org: + fastly-backend: false + mirror-csail.debian.org: + fastly-backend: false + mirror-isc.debian.org: + onion_v4_address: 149.20.4.14 + mirror-umn.debian.org: + onion_v4_address: 128.101.240.215 + mirror-accumu.debian.org: + fastly-backend: false + mirror-skroutz.debian.org: + fastly-backend: false + lobos.debian.org: + service-hostname: lobos.security.backend.mirrors.debian.org + fastly-backend: false + onion_v4_address: 212.211.132.250 + santoro.debian.org: + fastly-backend: false + schmelzer.debian.org: + fastly-backend: false + schumann.debian.org: + service-hostname: schumann.security.backend.mirrors.debian.org + fastly-backend: true + setoguchi.debian.org: + fastly-backend: false + sechter.debian.org: + fastly-backend: false + villa.debian.org: + service-hostname: villa.security.backend.mirrors.debian.org + fastly-backend: true + onion_v4_address: 212.211.132.32 + wieck.debian.org: + service-hostname: wieck.security.backend.mirrors.debian.org + fastly-backend: true + security_tracker: + - soriano.debian.org + security_upload: + - suchon.debian.org + ssh.upload.d.o: + - coccia.debian.org + - suchon.debian.org + - usper.debian.org sso: - diabelli.debian.org - static_master: - - bizet.debian.org - - dillon.debian.org - - franck.debian.org - static_mirror: - - busoni.debian.org + # single sign on relying party (host) - also required apache2 module enabled on that host via other means + sso_rp: + - debussy.debian.org + - diabelli.debian.org + - jerea.debian.org + - nono.debian.org + - quantz.debian.org + - tate.debian.org + - ticharich.debian.org + - wilder.debian.org + - wuiet.debian.org + static_mirror_onion: - klecker.debian.org + - mirror-isc.debian.org - senfter.debian.org - - mirror-csail.debian.org - # when adding a new static mirror, allow it to sync etc, but do not push to it and wait for it. For this, also add it to static_mirror_nopush. - static_mirror_nopush: - - dummy - static_source: - - master.debian.org - - dillon.debian.org - - franck.debian.org - - lilburn.debian.org - - lindsay.debian.org - - philp.debian.org - - ravel.debian.org - - senfl.debian.org - - wolkenstein.debian.org syncproxy: + - gretchaninov.debian.org + - klecker.debian.org - milanollo.debian.org + - mirror-anu.debian.org + - mirror-isc.debian.org + - mirror-umn.debian.org + - schmelzer.debian.org + - smit.debian.org tracker: - ticharich.debian.org udd: - ullmann.debian.org vote: - vento.debian.org - #weblog_destination: - # - ravel.debian.org - #weblog_provider: - # - busoni.debian.org - # - klecker.debian.org - # - senfter.debian.org + weblog_destination: + - wolkenstein.debian.org + weblog_provider: + - klecker.debian.org + - mirror-anu.debian.org + - mirror-csail.debian.org + - mirror-isc.debian.org + - mirror-umn.debian.org + - santoro.debian.org + - senfter.debian.org wiki: - wilder.debian.org www_master: - wolkenstein.debian.org + cgi.d.o: + - wolkenstein.debian.org postgres_backup_server: + - backuphost.debian.org + - storace.debian.org + bacula_director: + - dinis.debian.org + bacula_storage: - storace.debian.org dabackup_client: - - moszumanska.debian.org - lw03.debian.org gobby_debian_org: - gombert.debian.org + debian_mirror: + klecker.debian.org: + listen-addresses: + - '130.89.148.12:80' + - '[2001:67c:2564:a119::148:12]:80' + onion_v4_address: 130.89.148.12 + mirror-accumu.debian.org: + service-hostname: accumu.debian.backend.mirrors.debian.org + fastly-backend: true + mirror-skroutz.debian.org: + service-hostname: skroutz.debian.backend.mirrors.debian.org + fastly-backend: true + mirror-isc.debian.org: + listen-addresses: + - '149.20.4.15:80' + - '[2001:4f8:1:c::15]:80' + onion_v4_address: 149.20.4.15 + schmelzer.debian.org: + listen-addresses: + - '217.196.149.232:80' + - '[2a02:16a8:dc41:100::232]:80' + fastly-backend: true + service-hostname: conova.debian.backend.mirrors.debian.org + historical_master: + - sibelius.debian.org + historical_mirror: + - gretchaninov.debian.org + - klecker.debian.org + - schmelzer.debian.org + - sibelius.debian.org + debug_mirror: + mirror-accumu.debian.org: + onion_v4_address: 130.242.6.199 + service-hostname: accumu.debug.backend.mirrors.debian.org + schmelzer.debian.org: + listen-addresses: + - '217.196.149.232:80' + - '[2a02:16a8:dc41:100::232]:80' + onion_v4_address: 217.196.149.232 + service-hostname: conova.debug.backend.mirrors.debian.org + debug_mirror_onion: + - mirror-accumu.debian.org + - schmelzer.debian.org + ports_mirror: + - klecker.debian.org + - mirror-isc.debian.org + ports_mirror_onion: + - klecker.debian.org + - mirror-isc.debian.org + planet_master: + - philp.debian.org + planet_search: + - philp.debian.org + i18n.d.o: + - tye.debian.org + l10n.d.o: + - tye.debian.org + dedup.d.n: + - delfin.debian.org + pet.d.n: + - petrova.debian.org + ports_master: + - porta.debian.org + onionbalance: + - olin.debian.org + bgp: + - mirror-accumu.debian.org + - mirror-skroutz.debian.org + cdimage-search: + - cgi-grnet-01.debian.org + apache_prefork: + # php needs this + - quantz.debian.org + - tchaikovsky.debian.org + - wuiet.debian.org + postgresql_server: + # postgresql instances not managed by puppet otherwise + - bmdb1.debian.org + - buxtehude.debian.org + - danzi.debian.org + - fasolo.debian.org + - lw07.debian.org + - melartin.debian.org + - sallinen.debian.org + - seger.debian.org + - snapshotdb-manda-01.debian.org + - vittoria.debian.org + debsources: + - sor.debian.org + debconf_wafer: + - debussy.debian.org + apache_not_public: + # Hosts that run apache but where it should not be open to the internet by + # default + - casulana.debian.org + apache_ratelimited: + - beach.debian.org + - buxtehude.debian.org + - lw07.debian.org + - picconi.debian.org + - pkgmirror-csail.debian.org + - sallinen.debian.org + cdbuilder_local_mirror: + - casulana.debian.org + snapshot_web: + - lw07.debian.org + - sallinen.debian.org + snapshot_shell: + - lw08.debian.org + +classes: + - base::includes